Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2715
Views
0
Helpful
2
Replies

Outbound NAT on ASA

Go to solution
Patrick Werner
Level 1
Level 1

‎07-09-2013 02:40 AM - edited ‎03-11-2019 07:09 PM

Hello Community.

My inbound smtp NAT works well, but our mail server should have the same IP address on the outside interface as definded in the inbound nat.

But the smtp server allways got the IP address of the outside interface of our ASA.

How do i do outbound nat, my smtp server should have the IP address 217.168.46.155 and not the IP address 217.168.46.154.

Relevant config:

interface Vlan10

nameif inside

security-level 100

ip address 192.168.1.200 255.255.255.0

interface Vlan99

nameif outside

security-level 0

ip address 217.168.46.154 255.255.255.248

object network Z1_SMTP

host 192.168.1.9

description NAT Z1 SMTP

object-group service Z1SecureMailPorts

description Z1 Secure Mail Ports

service-object tcp destination eq smtp

access-list outside_access_in extended permit object-group Z1SecureMailPorts any host 192.168.1.9 log

object network Z1_SMTP

nat (inside,outside) static 217.168.46.155 service tcp smtp smtp

nat (inside,outside) after-auto source dynamic 192.168.1.0_24 interface

nat (guest,outside) after-auto source dynamic 172.16.20.0_24 interface

Kind regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-09-2013 02:51 AM

Hi,

Try adding this configuration

object network MAIL-SERVER-SOURCE

host 192.168.1.9

object network MAIL-SERVER-PAT

host 217.168.46.155

nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT

The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA

The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-09-2013 02:51 AM

Hi,

Try adding this configuration

object network MAIL-SERVER-SOURCE

host 192.168.1.9

object network MAIL-SERVER-PAT

host 217.168.46.155

nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT

The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA

The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

0 Helpful

Go to solution
Patrick Werner
Level 1
Level 1
In response to Jouni Forss

‎07-09-2013 12:11 PM

Thanks Jouni, you're allways right. Godfather of NAT :-)

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card